Package: BSDgames
Version: 2.17-1
The vulnerabilities are caused due to boundary errors when reading
the player's name in pl_main.c
code segment:
printf("Your name, Captain? ");
fflush(stdout);
fgets(captain, sizeof captain, stdin);
if (!*captain)
strcpy(captain, "no name");
else
captain[strlen(captain) - 1] = '\0';
}
Being captain initialized as: char captain[80].
There is some similar issues in Tetris, and Hack too.
This can be exploited by users to gain gid=games an then to cause a stack-based
buffer overflow when
other users run the game, by modifying entries in a game file like scores in
Tetris or Hack.
Successful exploitation allows the execution of arbitrary code with
the privileges of other users.
Well... english isnt my first language and i dont know if the bugs can be
reported in spanish so i hope to be understandeable
Anibal L. Sacco
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
